I'm trying to do some masquerading using iptables (1.2.9) on kernel 2.4.18:
# load netfilter, connection tracking (with FTP helper) and the NAT table
modprobe ip_tables
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe iptable_nat
modprobe ip_nat_ftp
echo "1" > /proc/sys/net/ipv4/ip_forward
EXT="my-eth0-addr"
INT="my-eth1-addr"
# flush the filter chains and set their default policies
# (-P takes the policy directly, without -j)
iptables -F FORWARD
iptables -P FORWARD ACCEPT
iptables -F OUTPUT
iptables -P OUTPUT ACCEPT
iptables -F INPUT
iptables -P INPUT ACCEPT
# flush the nat table and masquerade everything leaving via $EXT
iptables -t nat -F
iptables -v -t nat -A POSTROUTING -o $EXT -j MASQUERADE
which returns:
MASQUERADE all opt -- in * out 192.168.1.128 0.0.0.0/0 -> 0.0.0.0/0
(I've additionally enabled ipv4 forwarding in sysctl.conf)
This computer (d2) is masquerading on the eth0-interface in the below
setup. Through the eth1-if united may be pinged and through the eth0-if
ff may be pinged.
united          d2            ff
  eth0---------eth1
                eth0--------eth0
But when pinging from united to ff using d2 as gateway:
united:~ # route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
ff d2 255.255.255.255 UGH 0 0 0 eth0
I get the following from /proc/net/ip_conntrack (I've replaced IPs with
names) and thus no replies:
icmp 1 29 src=united dst=ff type=8 code=0 id=18953 [UNREPLIED] src=ff dst=united type=0 code=0 id=18953 use=1
.... and the following from tcpdump on d2:
[root@d2 /root]# tcpdump icmp
User level filter, protocol ALL, TURBO mode (575 frames), datagram packet socket
tcpdump: listening on all devices
17:42:35.593597 eth1 < united > ff: icmp: echo request (DF)
17:42:35.593630 eth0 > united > ff: icmp: echo request (DF)
Running tcpdump icmp yields 0 packets
(zero/zip/none/keine/nothing/not-a-single)
How come I don't get an ICMP reply? ... How should I further debug this
problem?
Nils
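One way to turn the ip_conntrack output above into a check, as an added example that is not part of the original post: it parses entries in the kernel 2.4 /proc/net/ip_conntrack format (the sample below is constructed, with names in place of addresses as in the post) and flags UNREPLIED flows whose reply tuple still has the internal host as destination, which means the POSTROUTING MASQUERADE rule never rewrote the source and the far side has no route back.

```python
import re

# Constructed sample in the kernel 2.4 /proc/net/ip_conntrack format, one entry
# per line. "d2-ext" stands in for d2's external (eth0) address.
SAMPLE_CONNTRACK = """\
icmp     1 29 src=united dst=ff type=8 code=0 id=18953 [UNREPLIED] src=ff dst=united type=0 code=0 id=18953 use=1
tcp      6 431999 ESTABLISHED src=united dst=ff sport=34567 dport=80 src=ff dst=d2-ext sport=80 dport=34567 [ASSURED] use=1
udp      17 28 src=united dst=ff sport=5000 dport=53 [UNREPLIED] src=ff dst=d2-ext sport=53 dport=5000 use=1
"""

KV = re.compile(r"(\w+)=(\S+)")


def parse_entry(line):
    """Split one ip_conntrack line into protocol, flags, original and reply tuple."""
    fields = line.split()
    if len(fields) < 3:
        return None
    flags = set(re.findall(r"\[(\w+)\]", line))
    # Each tuple starts at a "src=" token; the first chunk is proto/number/timeout.
    chunks = re.split(r"\s+(?=src=)", line)[1:]
    if len(chunks) != 2:
        return None
    orig, reply = (dict(KV.findall(c)) for c in chunks)
    return {"proto": fields[0], "flags": flags, "orig": orig, "reply": reply}


def find_unnatted_unreplied(text):
    """Return (proto, orig_src, orig_dst) for UNREPLIED flows that were forwarded
    without source NAT: the reply tuple's dst is still the original (internal) src,
    so no MASQUERADE/SNAT rule matched them on the way out."""
    hits = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None or "UNREPLIED" not in entry["flags"]:
            continue
        if entry["reply"].get("dst") == entry["orig"].get("src"):
            hits.append((entry["proto"], entry["orig"]["src"], entry["orig"]["dst"]))
    return hits


if __name__ == "__main__":
    import sys
    # Pass a path (e.g. /proc/net/ip_conntrack) to check a live box; else use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONNTRACK
    for proto, src, dst in find_unnatted_unreplied(text):
        print(f"{proto}: {src} -> {dst} was forwarded without source NAT")
```

A flagged entry means the NAT rule's match (here the -o interface argument) is worth checking against the actual interface names before looking anywhere else.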